
52 matches found

GitHub Security Blog
added 2024/10/11 3:30 p.m. | 73 views

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Versions of the package jsonpath-plus before 10.0.7 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions...

9.8 CVSS | 9.7 AI score | 0.92707 EPSS
Exploits: 4 | References: 11 | Affected Software: 2
vulnersOsv
added 2024/10/11 3:30 p.m. | 4 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +2898 more potentially affected by CVE-2024-21534 via jsonpath-plus (>=0.12.0 <=10.1.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

9.8 CVSS | 7.1 AI score | 0.92707 EPSS
Exploits: 4
vulnersOsv
added 2024/10/11 3:30 p.m. | 5 views

org.webjars.npm:json-schema-faker (>=0.5.0-rcv.29 <=0.5.0-rcv.33) potentially affected by CVE-2024-21534 via org.webjars.npm:jsonpath-plus (=3.0.0)

org.webjars.npm:jsonpath-plus MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jsonpath-plus and may be impacted: - org.webjars.npm:json-schema-faker =0.5.0-rcv.29, =0.5.0-rcv.33 Source cves: CVE-2024-21534 Source...

9.8 CVSS | 7.1 AI score | 0.92707 EPSS
Exploits: 4
OSV
added 2024/10/11 1:15 p.m. | 18 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

9.8 CVSS | 9.7 AI score
Exploits: 0 | References: 4
NVD
added 2024/10/11 1:15 p.m. | 19 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

9.8 CVSS | 0.92707 EPSS
Exploits: 4 | References: 4
RedhatCVE
added 2024/10/11 8:24 a.m. | 25 views

CVE-2024-21534

A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for...

9.8 CVSS | 10 AI score | 0.92707 EPSS
Exploits: 4 | References: 5
CVE
added 2024/10/11 5:00 a.m. | 373 views

CVE-2024-21534

CVE-2024-21534 - JSONPath Plus vulnerability allows Remote Code Execution due to unsafe vm usage and improper input sanitization. Affected: jsonpath-plus package in node environments. Root cause: unsafe default usage of Node.js vm and inadequate input sanitization enables arbitrary code execution...

9.8 CVSS | 9.7 AI score | 0.92707 EPSS
In wild | Exploits: 4 | References: 4
Vulnrichment
added 2024/10/11 5:00 a.m. | 15 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

9.8 CVSS | 9.7 AI score | 0.92707 EPSS
Exploits: 4 | References: 4
Cvelist
added 2024/10/11 5:00 a.m. | 231 views

CVE-2024-21534

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of vm in Node. Note: There were several attempts to fix it in versions 10.0.0-10.1...

9.8 CVSS | 0.92707 EPSS
Exploits: 4 | References: 4
CNNVD
added 2024/10/11 12:00 a.m. | 1 views

JSONPath Plus Security Vulnerability

JSONPath Plus is an open source library for JSONPath Plus. A security vulnerability exists in JSONPath Plus versions prior to 10.0.0 that stems from improper input cleanup and is susceptible to a Remote Code Execution (RCE) attack, which can be exploited by an attacker to execute arbitrary code on ...

9.8 CVSS | 8 AI score | 0.92707 EPSS
Exploits: 4 | References: 9
Positive Technologies
added 2024/10/10 12:00 a.m. | 5 views

PT-2024-18948

Name of the Vulnerable Software and Affected Versions: jsonpath-plus versions prior to 10.0.7. Description: The issue is related to Remote Code Execution (RCE) due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm ...

9.8 CVSS | 8.1 AI score | 0.92707 EPSS
Exploits: 8 | References: 36
Snyk
added 2024/09/10 2:03 p.m. | 2 views

Remote Code Execution (RCE)

Overview: jsonpath-plus is a JS implementation of JSONPath with some additional operators. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usag...

9.8 CVSS | 8 AI score | 0.92707 EPSS
Exploits: 4 | References: 2